Solving SharePoint Issues – Eric Schrader

Microsoft Azure Cloud Architect/Developer. Tips for SharePoint, AWS, PowerShell, SPFX, TypeScript, jQuery, XSLT, HTML and Security

SharePoint Online Azure AD B2B – Custom email invites for users using PowerShell

Big changes have been happening with External User sharing for SharePoint Online over the past few months now that Azure Active Directory Business to Business (Azure AD B2B) is now generally available. Azure AD B2B allows you to share Office 365 content and line of business applications to users outside your organization. If you are new to Azure AD B2B, watch this great intro on this page: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b

The drawback however is the user onboarding process. Security groups, permissions, user onboarding, administration, the cumbersome 4-6 step user invite process to accept and signup/sign-in to your site, etc. make it difficult to see a good OOTB solution. However, after reading most of the Azure AD B2B articles and working with Microsoft support, I have found an improved (not perfect) process for inviting users and allowing them to sign up for a Microsoft account.

This script will:

  • Import your users from a CSV file
  • Add them to an Office 365 security group (that is permissioned to your app or SharePoint Online site)
  • Send them a custom email message with the invite link that fully supports HTML

The goal of this script is to make it easier on the user so they see a custom email and not a generic Office 365 Azure AD email (after all, the users have no clue what Azure AD is)

Administration - CSV import file

When inviting the users, create a CSV file in the following format:

InvitedUserEmailAddress,Name
[email protected],Eric Schrader (Company Optional)
[email protected],Eric Schrader
Etc.

Above, the first row holds the CSV headers, which we will reference in PowerShell during the import. The following rows are the actual users' valid email addresses where the invite would be sent (we intercept that email, so the address is only used as the user's identity so we know how to email them in the future). Long story, but the invited email doesn't have to match the Personal/Organizational account they sign in with; for this blog post they will match so we don't confuse Authorization with Authentication.

Administration - Create a Security group and set SharePoint Online permissions

The next step exists so you don't have to go into each SharePoint Online site and add every user's permissions manually.

  1. Similar to AD groups, create an Office 365 Security Group in the O365 Users > Groups admin center.
  2. Add the security group to SharePoint and set whatever read/write permissions this group will have (for example, a group called External Users that is read-only on the root site, another called External Members with contribute permissions, etc.).

Once we import the CSV of users, we will have to add the new users to the O365 groups accordingly.

PowerShell time!

Be sure to install the Azure AD PS module (https://www.powershellgallery.com/packages/AzureADPreview); otherwise you cannot run these commands.

Get the ID of your security group

Get the security group you want the external users to be added to automatically:

Get-AzureADGroup | Where-Object {$_.DisplayName -ilike "External Users"}

(replace External Users with the name of the Security group you want the users added to)

Then copy the Object ID of the group and save it for our script.

The whole enchilada

#1.) Install Azure AD PS module – https://www.powershellgallery.com/packages/AzureADPreview
#Install-Module -Name AzureADPreview

#2.) provide O365 tenant admin cred
$cred = Get-Credential
Connect-AzureAD -Credential $cred

#2.a) second cred for O365 email account (merge var with above if for non-demo O365 tenant)
$adminemailcred = Get-Credential

#2.b) External User Security Group ID
#Get-AzureADGroup | Where-Object {$_.DisplayName -ilike "External Users"}
$groupID = "c9a04711-e307-4370-af42-f48db58f80c5"

#3.) import CSV, update url and csv location below.
$invitations = Import-Csv C:\azure_ad_b2b.csv

foreach ($email in $invitations) {
    #loop over each user in the CSV and create an invite for that user, but do not let Azure AD email the user
    $result = New-AzureADMSInvitation -InvitedUserEmailAddress $email.InvitedUserEmailAddress -InvitedUserDisplayName $email.Name -InviteRedirectUrl "https://mycompanyhere.sharepoint.com/sites/extranet" -SendInvitationMessage $false
    $inviteurl = $result.InviteRedeemUrl
    $userid = $result.InvitedUser.Id

    #automatically add the new user to your Security Group
    Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid

    #send the user a custom email from your Office 365 tenant. Supports HTML.
    #Configuration variables for Email
    $EmailTo = $result.InvitedUserEmailAddress
    $EmailFrom = "Eric Schrader <[email protected]>"
    $EmailSubject = "INVITE: Eschrader Extranet"
    $SupportEmail = "[email protected]"
    $SmtpServer = "smtp.office365.com"
    $InviteUrl = $inviteurl
    $DisplayName = $email.Name

    #HTML Template (the redeem URL from the invitation becomes the Sign Up link)
    $EmailBody = @"
<div>
<header>
<img src="https://eschrader.com/wp-content/uploads/2017/05/sileo-logo.png" />
</header>
<p>Congrats $DisplayName,</p>
<p>You have been invited to access the Eschrader extranet.</p>
<p><a href="$InviteUrl">Sign Up</a></p>
<p>If you need further assistance, please contact us <a href="mailto:$SupportEmail">$SupportEmail</a></p>
</div>
"@
    Send-MailMessage -To $EmailTo -From $EmailFrom -Subject $EmailSubject -Body $EmailBody -BodyAsHtml -SmtpServer $SmtpServer -UseSsl -Credential $adminemailcred -Port 587
}

Note that some of the HTML was stripped out of the email template above. Here is a PasteBin with the template: https://pastebin.com/e1ziPq9U

In the above script,

  • Note that #2 and #2a can be combined to just prompt you once. I had to use two because I have two O365 tenants: one is a demo tenant that does not support email and the other is my personal O365 tenant I send the email from.
  • YOU WILL NEED TO REPLACE A LOT OF THE HARD-CODED VARIABLES ABOVE IN THE SCRIPT. LOOK CLOSELY.
  • Watch out for the fancy quotes (use straight " quotes in the script).

Here is an example email I sent myself to test (I put the access ID for my demo tenant and accepted it, so don’t bother typing it out haha)

If you want to embed images in the HTML message, I believe Send-MailMessage has "-Attachments" and "-InlineAttachments" parameters, as outlined in this script, which can easily be adapted to your email template: https://gallery.technet.microsoft.com/scriptcenter/Send-MailMessage-3a920a6d

You can also add other columns to the CSV file for Send-MailMessage, such as company, group ID, etc., and really build this script out.

There are lots of hard-coded variables, as this is a rough script. Feel free to clean it up!
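As an added example (this is not the post's script, only a hardened reworking of its loop), the function below wraps the same invite-and-email steps while doing what a reviewer would ask for: it rejects CSV rows whose address does not parse, HTML-encodes the CSV name and the redeem URL before they land in the email body (the CSV is untrusted input flowing into HTML), skips users already in the group so re-runs are idempotent, and writes a results file. It assumes an existing Connect-AzureAD session, the post's CSV columns, and the hypothetical parameter values you pass in.

```powershell
# Added example, not the post's own script. Assumes Connect-AzureAD has already
# been run and the CSV has the InvitedUserEmailAddress and Name columns.
function Invoke-B2BInvite {
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $GroupId,          # Object ID of the O365 security group
        [Parameter(Mandatory)] [string] $RedirectUrl,      # e.g. the extranet site URL
        [Parameter(Mandatory)] [string] $EmailFrom,
        [Parameter(Mandatory)] [string] $SmtpServer,
        [Parameter(Mandatory)] [pscredential] $MailCredential,
        [string] $ResultPath = "$CsvPath.results.csv"
    )

    # Snapshot current members so an already-invited user is not added twice
    $members = @{}
    Get-AzureADGroupMember -ObjectId $GroupId -All $true |
        ForEach-Object { $members[$_.ObjectId] = $true }

    $log = foreach ($row in Import-Csv $CsvPath) {
        # Skip rows that are not a parseable address (typos, stray text in the CSV)
        try { $addr = [System.Net.Mail.MailAddress]::new($row.InvitedUserEmailAddress) }
        catch { Write-Warning "Skipping malformed address: '$($row.InvitedUserEmailAddress)'"; continue }

        # Create the invitation without letting Azure AD send its own email
        $inv = New-AzureADMSInvitation -InvitedUserEmailAddress $addr.Address `
            -InvitedUserDisplayName $row.Name -InviteRedirectUrl $RedirectUrl `
            -SendInvitationMessage $false
        $userId = $inv.InvitedUser.Id

        if (-not $members.ContainsKey($userId)) {
            Add-AzureADGroupMember -ObjectId $GroupId -RefObjectId $userId
            $members[$userId] = $true
        }

        # CSV values end up inside HTML: encode them so a crafted Name cannot inject markup
        $safeName = [System.Net.WebUtility]::HtmlEncode($row.Name)
        $safeUrl  = [System.Net.WebUtility]::HtmlEncode($inv.InviteRedeemUrl)
        $body = "<p>Hello $safeName,</p><p><a href=""$safeUrl"">Accept your invitation</a></p>"

        Send-MailMessage -To $addr.Address -From $EmailFrom -Subject "Extranet invitation" `
            -Body $body -BodyAsHtml -SmtpServer $SmtpServer -Port 587 -UseSsl -Credential $MailCredential

        # One record per processed row; the redeem URL itself is deliberately not logged
        [pscustomobject]@{ Email = $addr.Address; UserId = $userId; Status = $inv.Status; SentAt = (Get-Date) }
    }

    $log | Export-Csv -NoTypeInformation -Path $ResultPath
    return $log
}
```

Run it as `Invoke-B2BInvite -CsvPath C:\azure_ad_b2b.csv -GroupId $groupID -RedirectUrl $url -EmailFrom $EmailFrom -SmtpServer smtp.office365.com -MailCredential $adminemailcred` after connecting; the results CSV tells you which rows were skipped, invited, or already members.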

Links:

Azure AD User/Group PowerShell commands: https://docs.microsoft.com/en-us/powershell/module/Azuread/?view=azureadps-2.0

Send email from Office 365 in PowerShell: https://absolute-sharepoint.com/2016/03/send-email-from-powershell-in-office-365.html

Azure AD B2B invite process overview (OOTB, not PowerShell): https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-invitation-email

A good import script using a different CSV format, a good read: http://artokai.net/2016/SPOnlineAndAzureB2B/

Eric Schrader | Administration, Architecture, Branding, Cloud Solutions, SharePoint | June 12, 2017 (updated May 9, 2018)